As a tech-savvy person in a family that mostly consists of low level Internet users - and especially because of my line of work - I'm often tasked with helping them when their computers become riddled with malware.

I have realized long ago that a little security awareness teaching could, in the long run, minimize my need to be involved in this repetitive and frustrating task - not to mention minimize the dangers my family puts itself by picking up malware left and right. But, I must admit that I've had middling success with that plan.

Granted, I'm probably not a great educator, but I believe one of the biggest problem lays in the fact they lack some of the absolute basics on how computers and the Internet operate, and I simply haven't got enough time to tackle all this before I even start addressing the concrete stuff of how to keep safe online.

Keeping this and the fact that their eyes simply glaze over at the mention of anything even remotely technical, it was imperative that I find shortcuts that would allow me to get certain points across in a short time.

One of these shortcuts were online tests that let you test your ability to spot fake emails, webpages or software. After all, repetition IS the best teacher.

When the idea first came to me, I thought the Internet was rife with them, but I was wrong. So, I had to take the time to dig around and make a collection of links to present to my "pupils."

Learning how to spot phishing emails and websites

Phishing tests were relatively easy to find, but unfortunately there aren't many of them.

It's easy to see why. Once you go over the test and see the results, you are able to see the "warning signs" for each email (click on the screenshot to enlarge it):

The explanations are simple and directly applied to each mail. Still, there is one downside: the email examples are always the same each time you take the test.

There are also a number of old MailFrontier's tests still available on the Internet, and they can provide a little variety. Some are aimed specifically at German and UK users. Unfortunately, some of them don't offer explanations on why the email is a phish or legitimate.

Wombat Security Technologies have a free demo round of their popular Anti-Phishing Phil and Anti-Phishing Phyllis online training games. Registration is required, but takes just a minute, and you're off:

Before each round of the game, you have to learn a specific piece of knowledge on how to spot phishing emails, then that knowledge is tested. Unfortunately, only one round of each game is available for free.

Finally, I must add that the spam folder of my "pupils" email accounts offered a good variety of phishing and scammy emails as examples for teaching and testing them, although this is something that, unlike with the tests, they definitely couldn't practice on their own.

The test mixes it up a bit, serving different and random screenshots of fake and real AV. Still, specific details as to what to look for could have been nice. As it is, you'll get the final score, be told where you judged wrong or right, and a description of the fake software and what it does.

Unfortunately, there are no other online tests similar to this one (or at least I couldn't find any). The best you can do to show someone examples of fake AV, their tell-tale signs and behavior collected in one place and easy to peruse is to try this Fortinet blog post.

All in all, I'm sorry that there aren't more quizzes such as these available for free for home users. After all, isn't it in the best interest of all of us to keep as many users as possible safe(er)?

Spotlight

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.